Site Security / Privacy Statement
This policy outlines how we obtain, store, use and share your personal information
What Does This Policy Cover?
- Our Commitment To Your Privacy
- Relevant Legislation
- Who Are We?
- What Information Do We Collect About You and Where Do We Store it??
- How Do We Use The Information We Collect About You?
- The Legal Basis For Processing Personal Data
- Data Breaches
- Our Third-Party Data Processors
- Data Controller
- Our Commitment to Data Security
- Our Commitment to Children's Privacy
- How You Can Access Your Information?
- How To Contact Us
- Data Retention
- Your Rights
1. Our Commitment To Your Privacy
Your privacy is important to us and we are committed to protecting your personal information. To better protect your privacy, we provide this policy explaining our online information practices and the choices you can make about the way your information is collected and used.
2. Relevant Legislation:
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- You may opt in or out of our email communications at any time
- You have the right to remove any information we may hold on you
- We will never sell, rent, make public or distribute your personal information
- Data is a liability and therefore should only be collected and processed when absolutely necessary
4. Who Are We?
- We are Jackson’s Art Supplies Limited.
- Our Company Registration Number is 3913002
- Our Registered Office is at 1 Farleigh Place, London, N16 7SX.
- Our Data Protection Officer (DPO) is Stuart Small, Operations Director
- Our Data Protection Officer, Stuart Small, can be contacted at Jackson’s Art Supplies, Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN or 01452 228482.
This policy explains our role as a data controller when we use your personal information in order to fulfil the orders you place with us or interact with us through our website.
5. What Information Do We Collect About You And Where Do We Store It?
This Policy applies to all information we collect or is voluntarily submitted on the Jackson’s Art website. This website collects and uses personal information for the following reasons:
We collect the personal information you voluntarily provide to us, which includes your name and email address in order to subscribe to our newsletter, receive our free content, participate in our Affiliate Program, comment on our blog, and/or purchase services or online products.
If you make an online purchase of our products and/or services, subscribe to our newsletter, comment on our blog, make requests or leave feedback then we will collect the following information;
- Address (billing and Delivery)
- Email address
- Contact Phone number
- Delivery Instructions
This information is held securely on our servers.
Website Visitor Tracking
Like most websites, our website uses Google Analytics. This tool collects information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. We use this information to better understand how visitors find us and how they interact with our website. We can use this to make adjustments to our website, to deliver a better user experience.
We also use tracking from Facebook and Pinterest so that we can better understand how visitors are interacting with our site via social media and to track the effectiveness of any adverts we place on social media.
Our website uses software that tracks your IP data. When you visit our site, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way.
When you visit our site, we may automatically log your IP address, a unique identifier for your computer or other access device. We will not use your IP address to identify you, the individual, in any way
We use IP addresses for the purpose of restoring your basket information or changing the language of currency.
Contact Forms and Email Links
Should you choose to contact us using the contact form on our Contact Us Page, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors defined in section below. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
We store information on our own secure servers
6. How Do We Use The Information We Collect About You?
We collect information about you to understand your needs and provide you with a better service. Specifically, we use your information for:
- Internal record keeping
- Improving our services
The legal basis for this type of processing is either consent or our legitimate interests in growing our business.
- Providing you with offers relating to our products or services
- The legal basis for this type of processing is either consent or our legitimate interests in growing our business.
We may send you such communications if you requested it and/or if you agreed to receive such communications. You can opt-out of these emails at any time through the ‘unsubscribe’ button in each email or contacting us via email.
We will only share your information with trusted 3rd parties if necessary to provide support in running this Website. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
We use the information you provide about yourself when placing an order only to complete that order. We do not share this information with outside parties except to the extent necessary to complete that order.
We use the information you provide about someone else when placing an order only to ship the product and to confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.
We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. We undertake not to retain any of your personally identifiable data any longer than necessary. Data will be retained for the purposes already mentioned in this policy until such time as it becomes no longer valid or you specifically request its removal.
Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses. We will always provide you with a simple way to later opt out later should you change your mind.
We never transfer any of your personally identifiable information outside of the EU.
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor (see Third-Party Processors below).
Third-Party - Data Disclosure
The Information Commissioner's Office states that:
Third party, in relation to personal data, means any person other than –
(a) the data subject,
(b) the data controller, or
(c) any data processor or other person authorised to process data for the data controller or processor
Jackson's Art Supplies will never give any customer data to any third-party.
You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information and/or user information, we are entitled to do so.
7. The Legal Basis For Processing Personal Data
These are the following legal reasons for processing personal data:
- For the performance of a contract with you
- Internal record keeping for statutory purposes
- For the legitimate interests in growing our business
- For the purpose of furthering Jackson’s legitimate interests including providing better products and services
- For marketing purposes where you opted in to receive marketing communications from us, we will process your personal data and provide you with marketing communications in line with the preferences you have provided
8. Data Breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
A cookie is a piece of code that allows the web server to identify and track activity of the web browser. They are widely used in order to make websites work more efficiently, as well as to provide information to the owners of the website.
You can enable or disable your Cookie settings via your own web browser. See our Cookies Policy for more details.
For further details please consult the help menu in your browser or visit www.allaboutcookies.org
10. Our Third-Party Data Processors
11. Data Controller
- The data controller of this website is: Jackson’s Art Supplies Limited, a UK Private Limited
- Company Number: 3913002
- Registered Office: 1 Farleigh Place, London, N16 7SX
- Operating Office: Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN
12. Our Commitment to Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Our website environment is secured behind strict firewall rules and a virtual private network to place the environment behind public facing networks. Threat detection at infrastructure level is provided by AWS Guard Duty, continuously monitoring for malicious activity. For the public facing elements of the website CloudFlare provides malicious detection and blocking.
Our third-party payment acquirer and payment providers also conduct quarterly vulnerability scans to check the web hosting environment for known threats.
Though we have these procedures in place we can’t be held responsible for any intercepted information shared through our website without our knowledge or permission.
Credit Card Security
We do not see or touch your credit card details and we do not store your card details anywhere within our systems or our web servers.
Your payment card details are sent in encrypted form to our credit card processor.
The payment card details are not entered into or stored on our website or servers.
Your payment will be taken directly from our payment providers secure payment processing page.
If a malicious threat actor/hacker intercepts your payment internet traffic they will not be able to do anything with the payment data as the payment card number is scrambled during the upload process. No one can read the data except our payment card processing company.
We use secure servers (SSL) and extra strong encryption.
Payment via PayPal
- Website takes the the user to PayPal to login or ‘one-time’ payment system
- When payment has been completed, the user is taken back to the website to complete the order and confirm all details
Payment via debit/ credit card
- Website takes the user to our "our" payment platform (Ingenico) to complete the order payment
- When the payment has been completed, the user is taken back to the website to an order confirmation message
13. Our Commitment to Children's Privacy
Protecting the privacy of the young is especially important. For that reason, we never collect or maintain information at our website from those we actually know are under 16, and no part of our website is structured to attract anyone under 16.
14. How You Can Access Your Information
You can request a copy of the data we have collected from you (order history, personal details…) by submitting a request to our Data Protection Officer at Jackson’s Art Supplies, Unit J, Edison Close, Waterwells Business Park, Quedgeley, Gloucester, GL2 2FN or 01452 228482.
To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.
15. How to Contact Us
Should you have other questions or concerns about these privacy policies, please call our Data Protection Officer on 01452 228482.
In the extremely unlikely event that you are dissatisfied with any way that we handle your data requests, you are able to raise your issue with the ICO.
16. Data Retention
The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
For full details of the Company’s approach to data retention, including retention periods for specific personal data types held by the Company, please refer to our Data Retention Policy.
17. Your Rights
Your rights under data protection laws include the right to access, erase, correct, restrict, and/or object to our use and processing of your personal data, as well as the right to portability of the data.
You have the right to confirmation as to how and where we process your data. To the extent that the legal basis for our processing consents, you have the right to withdraw at any time.
If you consider our processing to infringe data protection laws, you have the right to lodge a complaint with a supervisory authority.
15/11/22 - Policy updated regarding our third-party data processors and ecommerce payment providers